mirror of
https://github.com/discourse/discourse.git
synced 2024-12-02 03:03:44 +08:00
974b3a2a6f
When making sensitive changes to an account (adding 2FA or passkeys), we require users to confirm their password. This is to prevent an attacker from adding 2FA to an account they have access to. However, on newly created accounts, we should not require this, it's an extra step and it doesn't provide extra security (since the account was just created). This commit makes it so that we don't require session confirmation for accounts created less than 5 minutes ago. |
||
---|---|---|
.. | ||
staff_info_spec.rb | ||
user_notifications_spec.rb | ||
user_preferences_account_spec.rb | ||
user_preferences_interface_spec.rb | ||
user_preferences_navigation_spec.rb | ||
user_preferences_security_spec.rb | ||
user_profile_info_panel_spec.rb |